The stores had been asking customers to pay with cash or check while the attack was being investigated.

"We are incredibly grateful to our customers for their patience and understanding, and we are humbled by their support and continue to extend our sincere apologies for the frustration and inconvenience caused by this incident," URM CEO Ray Sprinkle wrote in a statement [PDF]. "URM is also extremely proud of the employees of URM and its member stores for their hard work and dedication during this process."

Although the attack is no longer ongoing, Sprinkle noted that any card used before the attack was blocked could still be used to make fraudulent purchases. All customers who used their card in a store before November 25, 2013 are advised to monitor their statements for unauthorized charges.

"After finding signs of the attack, we devoted all of our efforts to stopping it," Sprinkle wrote. "The investigation will now turn towards identifying what stores were affected and for how long. When that occurs, alerts will be sent to the companies that issued cards that might be at risk from the attack. ... We are also working with law enforcement to apprehend those responsible."